PT-2025-48944 · Masacms · Masacms
Published 2025-12-03 · Updated 2025-12-08 · CVE-2024-32641
CVSS v3.1 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Masa CMS versions prior to 7.2.8
Masa CMS versions prior to 7.3.13
Masa CMS versions prior to 7.4.6
Description
Masa CMS is an open source Enterprise Content Management platform. The application is susceptible to remote code execution. The issue resides in the addParam function, which processes user-supplied input through the criteria parameter. This input is then evaluated by the setDynamicContent function, enabling an unauthenticated attacker to execute arbitrary code using the 'm' tag.
Recommendations
Update Masa CMS to version 7.2.8 or later.
Update Masa CMS to version 7.3.13 or later.
Update Masa CMS to version 7.4.6 or later.
Exploit
Fix
RCE
Code Injection
Affected Products
Masacms